diff --git a/cluster/gce/gci/configure-helper.sh b/cluster/gce/gci/configure-helper.sh
index 98e210dd10e..af7d732372b 100644
--- a/cluster/gce/gci/configure-helper.sh
+++ b/cluster/gce/gci/configure-helper.sh
@@ -903,6 +903,9 @@ function start-kube-apiserver {
 
 
   local authorization_mode="RBAC"
+  # Load existing ABAC policy files written by versions < 1.6 of this script
+  # TODO: only default to this legacy path when in upgrade mode
+  ABAC_AUTHZ_FILE="${ABAC_AUTHZ_FILE:-/etc/srv/kubernetes/abac-authz-policy.jsonl}"
   if [[ -n "${ABAC_AUTHZ_FILE:-}" && -e "${ABAC_AUTHZ_FILE}" ]]; then
     params+=" --authorization-policy-file=${ABAC_AUTHZ_FILE}"
     authorization_mode+=",ABAC"